"Trevor Talbot" <quension@xxxxxxxxx> writes: > Something that looks a lot like encryption of the entire database is > more likely to succeed politically than a simple addition to > PostgreSQL's existing role-based security model? Really? I guess that you have failed to understand any of the discussion. Adding a GRANT SEESOURCECODE ON FUNCTION type of privilege would perhaps be a "simple addition to PostgreSQL's existing security model", but it would accomplish precisely zero, because anyone smart enough to be using Postgres in the first place would simply look directly into pg_proc to see the function body. In order to make it into a meaningful restriction, we would have to restrict direct SQL access to the system catalogs --- at least that one --- which would break vast quantities of stuff. The fact that psql, pg_dump, and pgAdmin would all break is daunting in itself, but those are likely just the tip of the iceberg. Looking at the system catalogs has always been part of the culture around here, and it's impossible to guess how many one-off client programs do it. I'd bet on "a lot", though. Another problem is that you're facing a cultural bias. You quote > On 12/14/07, Roberts, Jon <Jon.Roberts@xxxxxxxxxxx> wrote: >> In an ideal world, if a user can't modify a function, he/she shouldn't be >> able to see the source code. but what neither of you apparently grasp is that to most open source programmers, that's not an "ideal world", that's a pretty good description of hell on earth. There is no way that you will persuade this project that hiding source code should be the default behavior, or even especially easy. We're willing to think about ways to hide source code where there is a really serious commercial imperative to do it --- but in cases like that, schemes that are as easily broken into as a SQL-level GRANT are probably not good enough anyhow. And thus we arrive at encrypted source text and discussions of where to keep the key. Once again: this discussion is 100% off-topic for pgsql-performance. If you want to keep talking about it, please join the child thread on pgsql-hackers. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
